Policy: Audit for mandatory tags on resources/resource groups #1843

Merged
merged 11 commits into from
Nov 29, 2024
2 changes: 2 additions & 0 deletions docs/wiki/ALZ-Policies-Extra.md
Expand Up @@ -10,6 +10,8 @@ ALZ provides several additional policies that are not assigned by default but th

| Policy | Description | Notes |
|------------|-------------|-------------|
| Audit-Tags-Mandatory | Audit for mandatory tags on resources | Audits resources to ensure they have required tags based on tag array. Does not apply to resource groups. |
| Audit-Tags-Mandatory-RG | Audit for mandatory tags on resource groups | Audits resource groups to ensure they have required tags based on tag array. |
| Deny-Appgw-Without-Waf | Application Gateway should be deployed with WAF enabled | Use to ensure Application Gateways are deployed with Web Application Firewall enabled |
| Deny-Private-Dns-Zones | Deny the creation of private DNS | For organizations that centralize core networking functions, use this policy to prevent the creation of additional Private DNS Zones under specific scopes |
| Deny-Subnet-Without-Penp | Subnets without Private Endpoint Network Policies enabled should be denied | This policy denies the creation of a subnet without Private Endpoint Network Policies enabled. This policy is intended for 'workload' subnets, not 'central infrastructure' (aka, 'hub') subnets. |
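Review bot: The second added row names the policy `Audit-Tags-Mandatory-RG`, while the Whats-new.md entry in this same PR links it as `Audit-Tags-Mandatory-Rg`; use the casing of the policy definition's actual name in both places so a search by name finds it. Both Notes cells also say "based on tag array" without saying where the array comes from. Name the policy parameter that holds the required tags, and since every other row visible here is a Deny policy, consider stating that these two only report non-compliance and do not block deployments.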
1 change: 1 addition & 0 deletions docs/wiki/Whats-new.md
Expand Up @@ -56,6 +56,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
- Updated the policy and policySet definition API version `2023-04-01` to supporting policy versioning. In this repo, this is used in the master policies.json and initiatives.json files, that are built from individual policy and initiative files in the src folder.
- Added description for custom ALZ policy [Deny-Subnet-Without-Penp](https://www.azadvertizer.net/azpolicyadvertizer/Deny-Subnet-Without-Penp.html) to the [ALZ Policies Extra](./ALZ-Policies-Extra) wiki page.
- Updated initiative [Enforce-EncryptTransit_20240509](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html) `AppServiceMinTlsVersion` parameter to include TLS version 1.3 (as supported by the policy).
- Added new custom policies [Audit-Tags-Mandatory](https://www.azadvertizer.net/azpolicyadvertizer/Audit-Tags-Mandatory.html) and [Audit-Tags-Mandatory-Rg](https://www.azadvertizer.net/azpolicyadvertizer/Audit-Tags-Mandatory-Rg.html) to support auditing for the existence of mandatory tags (based on an array of tags). Not assigned by default.

### November 2024

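Review bot: The added bullet links both policies on AzAdvertizer but, unlike the `Deny-Subnet-Without-Penp` bullet two lines above it, does not point readers to the [ALZ Policies Extra](./ALZ-Policies-Extra) wiki page where this PR documents them; add that link for consistency. The bullet also lands in the section that precedes `### November 2024`, so confirm that section's heading matches the release this change ships in.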